Automakers, U.S. security officials worry about hacking of cars

Share this:

(Photo Jacqueline Ramseyer/SVCN/May 19, 2011)Donna Dearinger looks up the nearest charging stations along her chosen route. Dearinger is one of the first people in Silicon Valley to own a Nissan Leaf, an all-electric car.

The dashboard of Olivier ChalouhiÕs Nissan Leaf is shown in this photo. Chalouhi, of Redwood City, took delivery of the first Nissan Leaf on Dec. 11.(Kirstina Sangsahachart/ Daily News)

Sound

The gallery will resume inseconds

The dashboard of Olivier ChalouhiÕs Nissan Leaf is shown in this photo. Chalouhi, of Redwood City, took delivery of the first Nissan Leaf on Dec. 11.(Kirstina Sangsahachart/ Daily News)

Imagine this nightmarish possibility: al-Qaida terrorists remotely disabling the brakes on thousands of cars racing down a Bay Area freeway during the morning commute, leading to massive chaos, death and destruction. Implausible? Maybe not, some experts warn.

As cars and trucks have become laden with brainy devices to control everything from air bags to crash-avoidance systems, the vehicles have become increasingly vulnerable to cyberattacks, according to recent studies by university researchers and security companies.

One found that a car’s computer controls could be remotely accessed through its Bluetooth, Wi-Fi or OnStar connections, potentially allowing terrorists to control the brakes of numerous cars simultaneously, corporate spies to eavesdrop on a motoring executive’s phone calls, or thieves to electronically locate, break into and start cars they’ve targeted to steal. Another showed how a car’s tire pressure warning system could be wirelessly tricked into sending false alerts to drivers, which could prompt them to stop and fall prey to robbers following them.

Speculating that villains might short sell an auto company’s stock and then cause widespread problems in its cars, Ryan Permeh, a principal security architect at Intel’s (INTC) McAfee division, added, “I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc.”

Although instances of car hacking have been extremely rare, the threat has gotten the attention of automakers.

“We are very, very concerned,” said Chrysler spokesman Vince Muniga, adding that it is consulting with computer experts to identify “things that may be vulnerable in the future.”

Similarly, Ford “is taking the threat very seriously” and “working to ensure that we’ve developed a product that is as resistant to attack as possible,” said Rich Strader, the company’s director of information technology, security and storage.

The subject also has gotten the federal government’s attention.

“The National Highway Traffic Safety Administration is aware of the potential for ‘hackers’ and is working with automakers to better understand what steps can and are being taken to address the problem,” the agency said in a statement, adding that it has asked the National Academy of Sciences to look into the matter.

Because of consumer demand for entertainment, convenience and safety features in cars, automakers in recent years have greatly beefed up the technology in their vehicles. It’s not unusual for luxury autos to sport 70 computerized control units — many featuring microchips made by Silicon Valley companies — that monitor everything from the engine, transmission and headlights to the cabin temperature, air bags and cruise control.

Some cars even park themselves, or automatically brake to prevent collisions. But their various wireless connections can enable hackers located some distance away to electronically infiltrate an automobile and take virtual control of it, experts have determined.

In a September report about the “emerging risks in automotive system security,” McAfee described the case last year of a disgruntled former employee of a Texas used-car dealership. By accessing the system the dealership used to remotely deactivate cars whose buyers failed to make payments, he created mayhem by blaring the horns and shutting off the engines of more than 100 vehicles.

Other problems could be coming down the road.

In a study last year, University of South Carolina researchers in one vehicle caused the tire-pressure warning system of another to send bogus alerts to its dashboard. Because such alerts could prompt drivers to pull over to check their tires, the researchers warned, “this presents ample opportunity for mischief and criminal activities.”

Another troubling flaw was uncovered by a security tester hired by an unidentified U.S. city, according to the McAfee report. After hacking into police-car camera recorders, it said, “he was easily able to upload, download and delete files that stored months worth of video feeds.”

Still more weaknesses were detailed in a study in August by the Center for Automotive Embedded Systems Security, a collaboration between UC San Diego and the University of Washington. It concluded that thieves could wirelessly command groups of cars to report their GPS coordinates and vehicle identification numbers, enabling the crooks to learn the year, make, model and location of the most expensive ones. Then, it said, they could steal those autos by issuing other wireless commands to disable their alarms, unlock them and start their engines.

Using a related technique, the study warned, corporate spies could listen in on the phone conversations of a motoring executive, or, more disturbingly, terrorists who previously had infected numerous cars with malicious software could later command the vehicles to “simultaneously disengage the brakes when driving at high speed.”

And while much has been learned about the ways crooks can compromise cars, Stefan Savage, a computer scientist who participated in one of the recent studies, said it’s hard to anticipate all of the schemes that might be tried in the future, adding, “I would be quite surprised if there are not additional vulnerabilities.”

With lower home prices, more Californians could afford a home purchase in the fourth quarter of 2018 compared to the previous quarter, but the California Association of Realtors reports higher interest rates lowered affordability from the previous year for most counties.